ridley-connectors 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c1d5f17ffd3feb5cafb982a127e2395f533e8413
-  data.tar.gz: 489a86773e6532a1e39896062c4057625cd64d0e
+  metadata.gz: 87c1f79723fb9e7686c92cf93e1ca18f44f1a84e
+  data.tar.gz: 454fa2d37b0d50f0a142bf4d6ff07008780fbb46
 SHA512:
-  metadata.gz: 0e0d43263f510aafd2f797e00d6401af61bd6f98dce4461804de9d6c538808b709c45eef96ed2ea963ad61af8255da5cd0a19936b84fd6293a747a5f0792568d
-  data.tar.gz: b4e15afa128530307f6b21c8dc857a6c26c1807d5ed53aecd3461efd68a126fee293eb6395bcb2be96522a71cd4374d766473f712a158d5624906af228ec8d31
+  metadata.gz: 3804e24b87910d76f17600b5bdcec241df61a0fe987e7665da5b53aa2137032201b03d7e379832e571a8468ed604ee139c78b7598f23fe4f75b555cf7ad4993c
+  data.tar.gz: 3ed6331456cb3d3ef1f01dce1379ae581250d1c5a1335824c9ac3e829b3058cb278619f97ccfcadf00e2f7adada6df7568face45ac0c8dbfc6898b7fbe59d22c

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## v.1.1.0
+
+* [#2](https://github.com/RiotGames/ridley-connectors/pull/2) Copying an encrypted data bag should not expose the secret
+
 ## v.1.0.1
 
 * [#3](https://github.com/RiotGames/ridley-connectors/pull/3) Fix the broken Ridley::Client

data/lib/ridley-connectors/host_connector/ssh.rb

@@ -54,7 +54,7 @@ module Ridley
           rescue Net::SSH::ConnectionTimeout, Timeout::Error
             response.exit_code = -1
             response.stderr    = "Connection timed out"
-          rescue Errno::EHOSTUNREACH
+          rescue SocketError, Errno::EHOSTUNREACH
             response.exit_code = -1
             response.stderr    = "Host unreachable"
           rescue Errno::ECONNREFUSED
@@ -95,6 +95,7 @@ module Ridley
         context = BootstrapContext::Unix.new(options)
 
         log.info "Bootstrapping host: #{host}"
+        log.filter_param(context.boot_command)
         run(host, context.boot_command, options)
       end
 
@@ -131,6 +132,7 @@ module Ridley
       #
       # @return [HostConnector::Response]
       def put_secret(host, secret, options = {})
+        log.filter_param(secret)
         cmd = "echo '#{secret}' > /etc/chef/encrypted_data_bag_secret; chmod 0600 /etc/chef/encrypted_data_bag_secret"
         run(host, cmd, options)
       end

data/lib/ridley-connectors/host_connector/winrm.rb

@@ -51,7 +51,7 @@ module Ridley
             command_uploaders << command_uploader = CommandUploader.new(connection)
             command = get_command(command, command_uploader)
 
-            log.info "Running WinRM Command: '#{command}' on: '#{host}' as: '#{user}'"
+            log.info "Running WinRM command: '#{command}' on: '#{host}' as: '#{user}'"
 
             defer {
               output = connection.send(command_method, command) do |stdout, stderr|
@@ -121,6 +121,7 @@ module Ridley
         context = BootstrapContext::Windows.new(options)
 
         log.info "Bootstrapping host: #{host}"
+        log.filter_param(context.boot_command)
         run(host, context.boot_command, options)
       end
 
@@ -153,6 +154,7 @@ module Ridley
       #
       # @return [HostConnector::Response]
       def put_secret(host, secret, options = {})
+        log.filter_param(secret)
         command = "echo #{secret} > C:\\chef\\encrypted_data_bag_secret"
         run(host, command, options)
       end

data/lib/ridley-connectors/version.rb

@@ -1,5 +1,5 @@
 module Ridley
   module Connectors
-    VERSION = '1.0.1'
+    VERSION = '1.1.0'
   end
 end

data/ridley-connectors.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'celluloid', '~> 0.15'
   s.add_dependency 'celluloid-io', '~> 0.15'
   s.add_dependency 'net-ssh'
-  s.add_dependency 'ridley', '~> 2.0.0'
+  s.add_dependency 'ridley', '~> 2.1.0'
   s.add_dependency 'winrm', '~> 1.1.0'
 
   s.add_development_dependency 'buff-ruby_engine', '~> 0.1'

data/spec/unit/ridley-connectors/host_connector/ssh_spec.rb

@@ -17,10 +17,17 @@ describe Ridley::HostConnector::SSH do
   end
 
   describe "#bootstrap" do
+    let(:bootstrap_context) { Ridley::BootstrapContext::Unix.new(options) }
+
     it "sends a #run message to self to bootstrap a node" do
       connector.should_receive(:run).with(host, anything, options)
       connector.bootstrap(host, options)
     end
+
+    it "filters the whole command" do
+      expect(Ridley::Logging.logger).to receive(:filter_param).with(bootstrap_context.boot_command)
+      connector.bootstrap(host, options)
+    end
   end
 
   describe "#chef_client" do
@@ -41,6 +48,11 @@ describe Ridley::HostConnector::SSH do
       )
       connector.put_secret(host, secret, options)
     end
+
+    it "filters the secret" do
+      expect(Ridley::Logging.logger).to receive(:filter_param).with(secret)
+      connector.put_secret(host, secret, options)
+    end
   end
 
   describe "#ruby_script" do

data/spec/unit/ridley-connectors/host_connector/winrm_spec.rb

@@ -4,6 +4,7 @@ describe Ridley::HostConnector::WinRM do
   subject { connector }
   let(:connector) { described_class.new }
   let(:host) { 'fake.riotgames.com' }
+  let(:command_uploader_double) { double('command_uploader', :cleanup => nil, :upload => nil, :command => nil) }
   let(:options) do
     {
       server_url: double('server_url'),
@@ -15,7 +16,10 @@ describe Ridley::HostConnector::WinRM do
     }
   end
 
-  before { described_class::CommandUploader.stub(:new).and_return(double('command_uploader')) }
+  before do
+    described_class::CommandUploader.stub(:new).and_return(command_uploader_double)
+    ::WinRM::WinRMWebService.stub(:new).and_return(double(:set_timeout => nil, :run_cmd => {exitcode: 0}))
+  end
 
   describe "#get_command" do
     subject(:get_command) { connector.get_command(command, command_uploader_stub) }
@@ -98,10 +102,17 @@ describe Ridley::HostConnector::WinRM do
   end
 
   describe "#bootstrap" do
+    let(:bootstrap_context) { Ridley::BootstrapContext::Windows.new(options) }
+
     it "sends a #run message to self to bootstrap a node" do
       connector.should_receive(:run).with(host, anything, options)
       connector.bootstrap(host, options)
     end
+
+    it "filters the whole command" do
+      expect(Ridley::Logging.logger).to receive(:filter_param).with(bootstrap_context.boot_command)
+      connector.bootstrap(host, options)
+    end
   end
 
   describe "#chef_client" do
@@ -119,6 +130,10 @@ describe Ridley::HostConnector::WinRM do
     let(:encrypted_data_bag_secret_path) { fixtures_path.join("encrypted_data_bag_secret").to_s }
     let(:secret) { File.read(encrypted_data_bag_secret_path).chomp }
 
+    before do
+      Ridley::HostConnector::WinRM::CommandUploader.stub(:new).and_return(double(:cleanup => nil))
+    end
+
     it "receives a command to copy the secret" do
       connector.should_receive(:run).with(host,
         "echo #{secret} > C:\\chef\\encrypted_data_bag_secret",
@@ -127,6 +142,11 @@ describe Ridley::HostConnector::WinRM do
 
       put_secret
     end
+
+    it "filters the secret" do
+      expect(Ridley::Logging.logger).to receive(:filter_param).with(secret)
+      put_secret
+    end
   end
 
   describe "#ruby_script" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ridley-connectors
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Jamie Winsor
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-21 00:00:00.000000000 Z
+date: 2013-11-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: celluloid
@@ -59,14 +59,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: winrm
   requirement: !ruby/object:Gem::Requirement